
Cryptography: What is it and why do we need it?

December 10, 2005

“The Ancient Greek skytale may have been one of the earliest devices used to
implement a cipher”

Written By: James Barnett

One iteration (out of 6-10) of the block cipher SAFER-K. Modern
computer-implemented ciphers can be a lot more complex than those performed by
hand or electromechanical machines.

TABLE OF CONTENTS

Title Page: Page 1
SAFER-K Diagram: Page 2
Table of Contents: Page 3
Introduction to Cryptography: Page 4
History of Cryptography: Pages 4-7
Is Cryptography Helpful for Personal Use: Pages 7-8
Cryptography in Business: Pages 8-10
Cryptography in Government: Pages 10-11
Two Common Types of Cryptography: Pages 11-15
A Practical Solution with Cryptography: Page 15
References: Page 16

Introduction to Cryptography


Cryptography is the field concerned with linguistic and mathematical
techniques for securing information, particularly in communications.
Historically, cryptography was concerned solely with encryption; that is,
means of converting information from its normal, comprehensible form into an
incomprehensible format, rendering it unreadable without secret knowledge.
Encryption was used primarily to ensure secrecy in important communications,
such as those of spies, military leaders, and diplomats.


In recent decades, however, the field of cryptography has expanded its
remit: modern cryptography provides mechanisms for more than just keeping
secrets and has a variety of applications including, for example,
authentication, digital signatures, electronic voting and digital cash.
Moreover, people without extraordinary needs for secrecy use cryptographic
technology, which is often built transparently into much of computing and
telecommunications infrastructure.


Cryptography is an interdisciplinary subject, drawing from several fields.
Older forms of cryptography were chiefly concerned with patterns in language.
More recently, the emphasis has shifted, and cryptography makes extensive use
of mathematics, particularly discrete mathematics, including topics from
number theory, information theory, computational complexity, statistics and
combinatorics. Cryptography is also considered a branch of engineering, but it
is considered to be an unusual one as it deals with active, intelligent and
malevolent opposition. Cryptography is a tool used within computer and network
security.


Cryptography is also a term used to describe the science of encoding a
message into a form that is unreadable and making sure only the proper people
are capable of decoding the message back into its original form.




This is usually done by using an encryption algorithm and a decryption
algorithm (these two are often the same) and very often a secret key. Some of
the early cryptographic systems did not use a key but instead kept the
algorithm itself secret.


The message sender uses the encryption algorithm and the key to encode
the message, and then sends it to the receiver. The receiver then uses the
decryption algorithm and the key to turn back the encrypted message into its
original form and read it. If the message is intercepted by others, they will
only have unreadable data and will have gained nothing, unless they can figure
out the decryption algorithm and obtain the key.


This is why the key is never to be sent with the message, and has to be
kept secret at all cost. If the key is compromised, the sender and the
encrypted data are no longer safe. The sender and the receiver then usually
agree on a new key to prevent any further damage.


History of Cryptography


In ancient Greece, around 550 BC, messages were sent encoded to
generals and could only be decoded using special staff keys. The key actually
consisted of a physical object, which was applied on the message to get the
decrypted version of it. In 50 BC, one of the simplest cryptographic
algorithms ever used was the one called the Caesar cipher, which was used by
Julius Caesar to send messages to his generals. It consisted simply of
switching each letter with the letter that was 3 letters further down the
alphabet. For example, Stephen would become Vwhskhq. To decrypt the message,
the receivers would simply subtract 3 letters from each letter.


This algorithm was later improved and called ROT13, where the letters
could be shifted to any number between 1 and 25, and the number of letters
shifted was the secret key.


This very simple algorithm has been used on Usenet successfully to
prevent people from inadvertently reading materials they might find offensive.

Monoalphabetic substitution is another simple step away from the ROT13
algorithm. In this algorithm, each letter corresponds to another letter but in
no particular order. For example, a = d, d = x, f = e, etc. for all 26 letters.
This made it much harder to break but also made fairly big keys that couldn't
be memorized, since they consisted of 26 pairs of letters.
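
The shift cipher described above, with the shift amount as the key, as an added example that is not part of the original essay; the function names are illustrative. It reproduces the Stephen/Vwhskhq example and shows why a key space of 25 shifts gives no protection against simply trying every key, next to the 26! orderings available to a monoalphabetic key.

```python
# Added illustration: shift cipher with the shift amount as the secret key.
import math


def shift_encrypt(text: str, key: int) -> str:
    """Move each letter `key` places down the alphabet, wrapping at 'z'."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)  # spaces, digits and punctuation pass through
    return "".join(out)


def shift_decrypt(text: str, key: int) -> str:
    """Decryption subtracts the same shift."""
    return shift_encrypt(text, -key)


def all_decryptions(ciphertext: str) -> dict:
    """Try every key: a shift cipher has only 25 usable keys."""
    return {key: shift_decrypt(ciphertext, key) for key in range(1, 26)}


def key_space(cipher: str) -> int:
    """Count the keys an exhaustive search would have to cover."""
    if cipher == "shift":
        return 25
    if cipher == "monoalphabetic":
        return math.factorial(26)  # every ordering of the 26 letters
    raise ValueError("unknown cipher: " + cipher)


if __name__ == "__main__":
    ciphertext = shift_encrypt("Stephen", 3)  # the essay's Caesar example
    print(ciphertext)
    for key, guess in all_decryptions(ciphertext).items():
        print(key, guess)
    print(key_space("shift"), key_space("monoalphabetic"))
```

A large key space is necessary but not sufficient: a monoalphabetic substitution keeps the letter frequencies of the language, which is what classical cryptanalysis of it relies on.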




In France during 1585, members of the king's court liked to send romantic
or gossip messages to each other and encrypt them for safety, which became
almost a necessity. Blaise de Vigenere came up with a polyalphabetic
substitution known as the Vigenere cipher. Basically, the algorithm would
encrypt messages several letters at a time instead of letter by letter. For
example, ab = fh, th = sq. To simplify the huge keys it would require, the key
was broken into a table and a key; the table was fairly big but the key was
small enough to be memorized, and the table was useless without the key. This
cipher wasn't totally safe, but no totally sure method to break it was
developed before early in the 20th century.



During World War I, American troops used Native Americans to send
messages over the radio, which could only be understood by other native
Indians, and almost nobody in Germany could understand it. Also in World War I,
the Playfair algorithm was developed by the Allies; the key, as in the Vigenere
cipher, is based on a little table and a short keyword, which were both changed
periodically. The rules used with the table were much more complex and made it
fairly safe. In World War II, however, the Germans gave up on abstract
algorithms and came up with a physical encrypting/decrypting machine called the
Enigma. It had different wheels of different sizes which were to be tuned
differently depending on the date; the different turnings were listed in a
little booklet that came with the machine. It wasn't broken before the Allies
finally managed to capture enough pieces of the machine and collect enough data
from operating errors by the Germans.


Is Cryptography Helpful for Personal Use



For most messages, computers would be the ideal carrier. Being able to
encrypt our messages so that no one else can read them is great, but is this
something we really need? Most of us do not need to have our transmissions
encrypted, for the very simple reason that nobody is interested in intercepting
and reading the average person’s things.


Privacy of this type would not be worth going through the trouble of setting
up unless you have an important secret to keep. However, if it came standard
with most operating systems then it would be convenient enough to use on a
regular basis. There are people out there that need to keep important secrets
and aren't terrorists or criminals or the army. Most businesses will not be
able to use the Internet as a means of communication as long as all their
online communications are vulnerable to industrial spying.


Cryptography in Business


For businesses, the only safe way to communicate through a medium
where each single bit they send can be listened to is to encrypt all of their
communications with a cipher strong enough to resist breaking attempts from
other businesses. Another use of cryptography applied to business is the one
used by a European television channel. It distributes a keycode to their TVs,
but only the customers paying every month for the new keycode that corresponds
to their decoder box will be able to decode the broadcast programs. Without the
use of encryption, broadcasting a premium channel would be stupid. Finally, one
of the most useful uses of cryptography that we might all find useful is
“Digicash”.



Without cryptography it is very hard to implement a successful and
convenient scheme for online money. And online money is something most
online businesses and shoppers would love to have. Cryptography has its origins
in wars and is therefore considered very much like a weapon because of the
advantage it can give to one side or the other. Legally, any information about
any kind of strong encryption is considered a weapon. What this means is that
it is illegal to export it to another country in any way. Many government
agencies take this matter very seriously.



There are more or less equivalent laws in most other countries in the
world as well. Illegal immigrants in France tattooed cryptographic data on
their forearms so that it would be illegal to send them back to their country.
Since the Internet is worldwide, posting any strong encryption information on
the web is the same as exporting it, and is therefore illegal. This means that
right now encrypted Internet communications are more or less illegal as well.
Also, the government is now trying to impose the Clipper chip as a standard on
all computers, and banning all other forms of cryptography, in order to have a
unique cryptographic system which it has the ability to break. The problem is
that it is already too late to prevent these cryptography systems from being
exported. Most foreign countries already have knowledge of them, and there are
many foreign business companies that use strong cryptography. So prohibiting
exportation of these materials is purely and simply useless. Furthermore,
prohibiting US companies from being able to export strong cryptography results
in loss of marketing opportunities for them; this also means that they won't be
able to conduct safe, private conversations when dealing with foreign companies
because they cannot use encrypted communications.


Cryptography in Government


Cryptography will prove to be important in the present and future by
ensuring that credit card numbers stay secure over the Internet. Other things
it does include preventing fraud, ensuring that military actions are not
compromised through bad radio security, and ensuring that information exchanged
among the White House, the Pentagon, and other governmental agencies is not
compromised by hostile nations.


Government agencies also consider this most critical due to it being commonly
used for securing communications. Desired properties can include:



Confidentiality, also known as secrecy: only an authorised recipient should
be able to extract the contents of the message from its encrypted form.
Otherwise, it should not be possible to obtain any significant information
about the message contents.

Integrity: the recipient should be able to determine if the message has
been altered during transmission.

Authentication: the recipient should be able to identify the sender, and
verify that the purported sender actually did send the message.

Non-repudiation: the sender should not be able to deny sending the message.

Anti-replay: the message should not be allowed to be sent multiple times
to the recipient without the sender knowing.

Proof of delivery: the sender should be able to prove the recipient received
the message.

Cryptography can provide mechanisms to help achieve all of the above.
However, some goals are not always necessary, practical or even desirable in
some contexts. For example, the sender of a message may wish to remain
anonymous; clearly non-repudiation would be inappropriate in that case.


Two Common Types of Cryptography

There are two primary forms of cryptography: symmetric and public key
cryptography.


Symmetric key ciphers either use the same key for encryption and decryption, or
the key used for decryption is easily calculated from the key used for
encryption. Other terms include secret-key, private-key, one-key and single-key
cryptography.

Symmetric key ciphers can be broadly grouped into block ciphers and stream
ciphers. Stream ciphers encrypt one bit at a time, in contrast to a block
cipher, which operates on a group of bits (a "block") of a certain length all
in one go. Depending on the mode of operation, block ciphers can be implemented
as self-synchronizing stream ciphers (CFB mode). Likewise, stream ciphers can
be made to work on individual blocks of plaintext at a time. Thus, there is
some duality between the two. The block ciphers DES, IDEA and AES, and the
stream cipher RC4, are among the most well-known symmetric key ciphers.

Other cryptographic primitives are sometimes classified as symmetric
cryptography:



Cryptographic hash functions produce a hash of a message. While it
should be easy to compute, it must be very difficult to invert (one-way),
though other properties are usually needed as well. MD5 and SHA-1 are
well-known hash functions.

Message authentication codes (MACs), also known as keyed-hash functions, are
similar to hash functions, except that a key is needed to compute the hash. As
the name suggests, they are commonly used for message authentication. They are
often constructed from other primitives, such as block ciphers, unkeyed-hash
functions or stream ciphers.



Please see Page 2 for a graphic example of this form of cryptography.

Symmetric key encryption has a troublesome drawback: two people who wish
to exchange confidential messages must share a secret key. The key must be
exchanged in a secure way, and not by the means they would normally
communicate. This is usually inconvenient, and public-key (or asymmetric)
cryptography provides an alternative. In public key encryption there are two
keys used, a public and a private key, with the public key for encryption and
the private key for decryption. It must be difficult to derive the private key
from the public key. This means that someone can freely send their public key
out over an insecure channel and yet be sure that only they can decrypt
messages encrypted with it.

Public key algorithms are usually based on hard computational problems. RSA,
for example, relies on the (conjectured) difficulty of factorisation. For
efficiency reasons, hybrid encryption systems are used in practice; a key is
exchanged using a public-key cipher, and the rest of the communication is
encrypted using a symmetric-key algorithm (which is typically much faster).
Elliptic curve cryptography is a type of public-key algorithm that may offer
efficiency gains over other schemes.


Asymmetric cryptography also provides mechanisms for digital signatures,
which are a way to establish with high confidence (under the assumption that
the relevant private key has not been compromised in any way) that the message
received was sent by the claimed sender. Such signatures are often, in law or
by implicit inference, seen as the digital equivalent of physical signatures on
paper documents. In a technical sense, they are not as there is no physical
contact nor connection between the "signer" and the "signed". Properly used
high quality designs and implementations are capable of a very high degree of
assurance, likely exceeding any but the most careful physical signature.


Examples of digital signature protocols include DSA and ElGamal
signatures. Digital signatures are central to the operation of public key
infrastructure and many network security schemes (e.g., Kerberos, most VPNs,
etc.). Like encryption, hybrid algorithms are typically used in practice;
rather than signing an entire document, a cryptographic hash of the document is
signed instead.
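
Hash-then-sign as described above, in an added example that is not from the original essay. It uses unpadded textbook RSA (deployed schemes add padding such as RSA-PSS) and a constructed key built from two publicly known Mersenne primes, so the key is for demonstration only; the function names are illustrative.

```python
import hashlib

# Constructed demo key: both primes are publicly known Mersenne primes, so
# this key is NOT secret and must never be used for real signatures.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)


def digest_as_int(document: bytes) -> int:
    """Hash the document; the fixed-size digest is what gets signed."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> int:
    """Signer: apply the private exponent to the digest, not the document."""
    return pow(digest_as_int(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Verifier: undo the signature with the public key, compare digests."""
    return pow(signature, E, N) == digest_as_int(document)


if __name__ == "__main__":
    contract = b"Pay 100 to Alice"   # constructed sample document
    sig = sign(contract)
    print(verify(contract, sig))              # signature matches the document
    print(verify(b"Pay 900 to Alice", sig))   # any change breaks verification
```

The signature is a single number below `N` however long the document is, which is the efficiency reason the essay gives for signing the hash.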


Asymmetric cryptography also provides the foundation for
password-authenticated key agreement and zero-knowledge password proof
techniques. This is important in light of empirical and theoretical proof that
secure password-only authentication over a network cannot be achieved with just
symmetric cryptography and hash functions.

A Practical Solution with Cryptography


A practical solution for any business that needs cryptography-based security
is a combination of a modern IDS armed with RSA- and DSA-based systems.


Some examples of how cryptography is practical are:

Cryptography can be used to implement various protocols: zero-knowledge proof,
secure multiparty computation and secret sharing, for example.

Cryptography can also be used to implement digital rights management.

The security of all practical encryption schemes remains unproven, both for
symmetric and asymmetric schemes. For symmetric ciphers, confidence gained
in an algorithm is usually anecdotal, e.g. no successful attack has been
reported on an algorithm for several years despite intensive analysis. Such a
cipher might also have provable security against a limited class of attacks.
For asymmetric schemes, it is common to rely on the difficulty of the
associated mathematical problem, but this, too, is not provably secure.

Cryptography has a cipher with a strong proof of security: the one-time pad.
However, it requires keys (at least) as long as the plaintext, so it is widely
considered too cumbersome to use in practice.

When the security of a system fails, it is rare that a weakness in the
cryptographic algorithms is exploited. More often, it is a mistake in the
implementation, the protocols used or some other human error. The study of how
best to implement and integrate cryptography is a field in itself.
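
The last two paragraphs taken together, as an added example that is not from the original essay: a one-time pad needs a fresh key byte for every plaintext byte, and the typical failure is an implementation that uses the same pad twice. `PadBook`, the other function names and the sample messages are hypothetical and constructed for this illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadBook:
    """Hypothetical pad store that hands out each key byte exactly once."""

    def __init__(self, size: int):
        self._pad = secrets.token_bytes(size)  # key material from the OS CSPRNG
        self._used = 0

    def take(self, n: int) -> bytes:
        if self._used + n > len(self._pad):
            raise ValueError("pad exhausted: key must be as long as the traffic")
        chunk = self._pad[self._used:self._used + n]
        self._used += n  # these bytes are never handed out again
        return chunk


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR the message with a pad of the same length."""
    return xor_bytes(plaintext, pad)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def leak_from_reuse(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypted both messages, the pad cancels out of c1 XOR c2."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    m1, m2 = b"invoice 1001", b"invoice 2002"  # constructed sample messages
    book = PadBook(24)
    c1 = otp_encrypt(m1, book.take(len(m1)))   # correct use: fresh pad bytes
    c2 = otp_encrypt(m2, book.take(len(m2)))
    reused = secrets.token_bytes(len(m1))      # the implementation mistake
    r1, r2 = otp_encrypt(m1, reused), otp_encrypt(m2, reused)
    # With a reused pad the ciphertexts alone reveal m1 XOR m2.
    print(leak_from_reuse(r1, r2) == xor_bytes(m1, m2))
```

The algorithm is unchanged in both halves of the demo; only the key handling differs, which is the kind of implementation mistake the essay describes.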



REFERENCES:



James Gannon, Stealing Secrets, Telling Lies: How Spies and Codebreakers
Helped Shape the Twentieth Century, Washington, D.C., Brassey's, 2001,
ISBN 1-57488-367-4.

David Kahn, The Codebreakers, 1967, ISBN 0684831309.

A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied
Cryptography, ISBN 0849385237.

Bruce Schneier, Applied Cryptography, 2nd edition, Wiley, 1996,
ISBN 0471117099.

http://homepage.cs.uri.edu/research/cryptography/

http://www.nsa.gov

http://www.cacr.math.uwaterloo.ca/hac/ (Via PDF Downloads)




http://www.rsasecurity.com/rsalabs/node.asp?id=2152